Usernames and passwords alone have reached the end of their useful life for protecting valuable online transactions because they are often reused by consumers across sites, easily guessed, and subject to phishing. While today’s web browsers provide PKI authentication using SSLv3 client authentication, there is not a consistent or friendly user experience across browsers and operating systems to provision and utilize the necessary PKI credential. That’s why you often hear PKI = Painful Key Infrastructure instead of Public Key Infrastructure.

Arcot has developed seamless provisioning and use of PKI credentials in the form of an ArcotID. While the user logs in with their existing username/password, a SWF in the browser provides PKI authentication behind the scenes using a locally stored credential, the ArcotID.

The ArcotID Flash client is part of WebFort, Arcot’s two-factor authentication system for large enterprises in financial services, healthcare and other industries facing increasing regulatory pressure to protect and verify end-users’ identities, such as that from the Federal Financial Institutions Examination Council (FFIEC) and the Health Insurance Portability and Accountability Act (HIPAA).

The FIPS 140 standard is applicable to all U.S. Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106.

* You can use public key certificates or Adobe LiveCycle Rights Management to secure the document, but you cannot use password encryption to protect the document. You can still open and view documents that are protected with non-FIPS compliant algorithms, but you cannot save any changes to the document using password security.

* In FIPS mode, you cannot create self-signed certificates as local PKCS#12 files.

To configure FIPS mode on your Windows PC

Create a new DWORD value called bFIPSMode in the registry key:
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\8.0\AVGeneral
Set the DWORD value to 1 to enable FIPS mode.
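
The registry change described above can be applied and verified from PowerShell. This is an added example, not Adobe's own tooling; the function name Set-AcrobatFipsMode is hypothetical, while the key path and value name are the ones given above.

```powershell
# Added example; Set-AcrobatFipsMode is a hypothetical helper name.
# Key path and value name come from the text above (Acrobat 8.0, per-user hive).
function Set-AcrobatFipsMode {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKCU:\SOFTWARE\Adobe\Adobe Acrobat\8.0\AVGeneral',
        [ValidateSet(0, 1)]
        [int]$Value = 1
    )
    $name = 'bFIPSMode'

    # Create the key (and any missing parents) only if it does not exist yet.
    # The Test-Path guard matters: New-Item -Force on an existing key resets it.
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }

    # Record the previous state, including a value stored with the wrong type.
    $before = $null
    $kind = $null
    if (Test-Path -Path $KeyPath) {
        $key = Get-Item -Path $KeyPath
        if ($key.GetValueNames() -contains $name) {
            $before = $key.GetValue($name)
            $kind = $key.GetValueKind($name)
        }
    }

    # -Force overwrites an existing value, so a string "1" becomes a real DWORD.
    if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }

    # Read the value back rather than trusting the write.
    $after = (Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        KeyPath       = $KeyPath
        PreviousValue = $before
        PreviousKind  = $kind
        CurrentValue  = $after
        FipsEnabled   = ($after -eq 1)
    }
}

Set-AcrobatFipsMode
```

Because the key lives under HKEY_CURRENT_USER, the setting applies only to the account that runs the function and has to be applied once per user profile.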

Product development organizations began employing globalization strategies to outsource manufacturing in an effort to reduce production costs in the 1970s. The outsourcing of manufacturing can be considered as the starting point for global product development (GPD), a trend that has continued to evolve over the past 30 years and now includes outsourcing and offshoring of core design and development work. The integration of LiveCycle Rights Management ES and Pro/ENGINEER will help protect intellectual property in global product development environments. Users will be able to effectively manage document policies with capabilities for controlling access, auditing, expiration and revocation of models and documents even after they have been distributed. This level of security helps to ensure that only intended recipients can open a protected file inside and outside the firewall and that files can be made to expire on a specific date, or if necessary revoked immediately.

Ultimately, the integration of LiveCycle Rights Management ES with Pro/ENGINEER will help improve collaboration with supply chains, outsourcing partners, and teams across dispersed locations. Global businesses will have the ability to access lower cost specialty-skilled labor pools and develop products in a continuous 24/7 timeframe.

The integration is expected to be available from PTC with the next production release of Pro/ENGINEER.

Adobe Systems today introduced Adobe LiveCycle Enterprise Suite (ES), an integrated family of software for more securely automating processes that help businesses and governments engage with customers, citizens, employees, partners, and suppliers.

With LiveCycle ES, organizations can deliver applications that are easier to interact with. This enables companies to better communicate with people who may be frustrated with, or confused by on-line procedures, and are likely to abandon transactions, resorting to higher cost avenues such as in-person visits or phone assistance. By transforming processes such as account enrollment, claims processing or guided self service into engaging applications, businesses and governments can improve customer service, decrease costly cycle times, and manage information faster, more accurately, and more securely.

Adobe LiveCycle Rights Management ES (formerly Adobe LiveCycle Policy Server) provides added assurances that the sensitive information you manage and distribute is exposed only to the people you intended. You specify how people can use protected documents to restrict accidental or intentional forwarding to unauthorized recipients. The protections are persistently applied to a document, independent of subsequent storage and transport – inside and outside your organization.

Using Rights Management ES, you can protect PDF as well as native Microsoft Word, Microsoft Excel, and CATIA documents by using confidentiality policies. A policy is a collection of information that includes document confidentiality settings and a list of authorized users. The confidentiality settings you specify in a policy determine how a recipient can use documents to which you apply the policy. Because PDF documents can contain any type of information, such as text, audio, and video files, you can use Rights Management ES to more safely distribute any information that is saved in a PDF document.

You can use policies to do these tasks:
● Specify who can open policy-protected documents. Recipients can belong to your organization or can be external to your organization. You can also specify different confidentiality options on the same policy for different users.

● Specify the document confidentiality settings. You can restrict access to various permissions, including the ability to print and copy text, make changes, and add signatures and comments to a document. Administrators can also specify some additional confidentiality options, including the ability of a recipient to view a document offline and the ability of the user who applies the policy to revoke the document access rights or switch the policy.

● After distributing a policy-protected document, you can monitor and revoke access to the document, switch the policy, and change the access and confidentiality settings. Users can change confidentiality settings in policies they create. Administrators can change any organizational or user-created policy.

New Features in LiveCycle Rights Management ES

● Introduces policy sets to help administrators manage document policies. Policy set coordinators can organize and share policies that have a common business purpose into workgroup policy sets. Policy sets let administrators control and administer multiple policies simultaneously.

● Delivers scalability and performance improvements including enhanced directory synchronization performance as part of LiveCycle Foundation.

● Enhances external authorization, enabling another system to determine a user’s access to a document or file. For example, your organization may have a Content Management System (CMS) in which all of your documents are stored. Your CMS already has Access Control Lists (ACLs). The external authorization feature enables Rights Management ES to use the ACLs specified in your CMS, eliminating the need to keep ACLs in sync with Rights Management ES policies.

● Supports the ability to initiate a process in response to a particular audit event, for example, a request to print a document.

● Implements server-side packaging features such as applying policies or removing policies as part of the Rights Management service instead of using a separate component that was needed in the previous version.

● Supports role-based administration for segregation of duties. Administrative tasks are now divided into different roles. For example, one administrator may be able to administer policies, but not server configurations. Another administrator may only be able to view the audit logs and other server configuration settings.

Adobe LiveCycle Digital Signatures ES (formerly Adobe LiveCycle Document Security) lets you use digital signatures to preserve the integrity and authenticity of a document as it is transferred among users within and beyond the firewall, when it is downloaded offline, and when it is submitted back to your organization.

With Digital Signatures ES, you can automate the process of bulk certifying and signing documents, as well as validating signatures in documents that are submitted back to your organization.

Key features
Digital Signatures ES can apply security features to any PDF document whether it is generated by other Adobe server products, on a desktop by Acrobat, or even by a third-party solution. Because PDF documents can contain any type of information, such as text, audio, and video files, you can use Digital Signatures ES to secure any type of information that is saved in a PDF document.

Digital Signatures ES can apply the appropriate security features through automated business processes or programmatically through the API:

Certification and Approval signatures: Specify digital signing of documents so that recipients can validate the authenticity and integrity of the content. Digital signatures can be applied individually or in batches by using digital certificates from third-party vendors. With digital signatures applied, documents maintain authenticity even when archived.

Signature validation: Specify signature validation so that your organization can verify the authenticity of returned documents it receives. When digitally signed documents are received, Digital Signatures ES can open the document and validate it based on its signature status.

How Digital Signatures ES secures a document
In a typical Digital Signatures ES process, a developer creates an application that retrieves a PDF document from a specified repository, applies a digital signature by using a credential (private key) in a specified keystore (including HSMs), encrypts the document with a password, and sends the document to several specified recipients by email. In another example, a custom application created by using the Java API may get a series of documents, apply a digital signature to all of them, and distribute them online through the web to a number of specified locations.

This new LiveCycle Digital Signatures ES release offers many new features, including:

Signing operation: The signing operation lets you control several aspects of digital signatures used in a document. When designing a PDF document, you can define the following items:
● The appearance of the digital signature when it displays on the document
● The signature algorithm used for signing
● The properties set in signature profiles used while signing
● Embedded revocation checks in the signature field property.

Signature field creation: Digital Signatures ES supports seed values through the Signature APIs that are defined in the PDF 1.7 specification. You can create these using LiveCycle Designer 8.0 or 8.1.

Signature validation: Digital Signatures ES supports several new signature validation features:
● Validation of XML digital signatures
● Configuration of revocation check failover from OCSP to CRL, and CRL to OCSP
● Enhanced Signatures Status information that can be used when developing business processes
● RFC3280-compliant validation, and support for specifying path validation options at runtime
● Per-invocation control of the verification time and revocation check styles that are used for revocation checks (rather than a global setting).

TrustStore configuration: Digital Signatures ES now uses the TrustStore repository as the database in which security data is stored. Trust chains are dynamically added to the TrustStore repository without requiring a restart of the server.

New API functionality: The following new APIs enable granular control over signature processing:
ClearSignature(), ClearSignatureField, RemoveSignatureField. The Signing Profile can also be controlled using the API (seed values). You can also use the API to specify a policy OID for each trust anchor.

Configure service attributes in a web-based interface: You can configure Signature service attributes in the Archive Administration area of the LiveCycle Administration Console. For example, you can set up watched folders and endpoints for service invocation, configure remote APIs and parameters for processing.

Adobe Systems will be discussing information assurance solutions at the Tal Global & Pro-Tec Data IP Protection Summit, “Demystifying Trade Secret Protection Strategies”, to be held at Sun Microsystems in Santa Clara on June 13. This event provides an opportunity to network with peers, executives and other information protection professionals on topics essential for staying up to date on: